Lucene search
WPScanCVELIST:CVE-2021-24943HistoryDec 06, 2021 - 3:55 p.m.
CVE-2021-24943 Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
2021-12-0615:55:39
CWE-89
WPScan
www.cve.org
1
0.31 Low
EPSS
Percentile
97.0%
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.
CNA Affected
[
{
"product": "Registrations for the Events Calendar – Event Registration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.6",
"status": "affected",
"version": "2.7.6",
"versionType": "custom"
}
]
}
]Related
prion
prion
Sql injection
2021-12-06 16:15:00
patchstack
patchstack
nuclei
nuclei
Registrations for the Events Calendar < 2.7.6 - SQL Injection
2024-02-13 04:03:42
cnvd
cnvd
wpexploit
wpexploit
wpvulndb
wpvulndb
cve
cve
CVE-2021-24943
2021-12-06 16:15:08
nvd
nvd
CVE-2021-24943
2021-12-06 16:15:08